BlackBerry CEO Promises To Try To Break Customers' Encryption If The US Gov't Asks Him To

from the I-got-you dept

The DOJ's reps -- along with the new FBI boss -- keep making noises about device encryption. They don't like it. What they want is some hybrid unicorn called "responsible encryption," which would keep bad guys out but let law enforcement in. The government has no idea how this is supposed to be accomplished, but it has decided to leave that up to the smart guys at tech companies. After all, tech companies are only in it for the money. The government, however, answers to a higher calling: public safety -- a form of safety that apparently has room for an increase in criminal activity and nefarious hacking.

There's one cellphone company that's been conspicuously absent from these discussions. A lot of that conspicuous absence has to do with its conspicuous absence from the cellphone marketplace. Pretty much relegated to governments and enterprise users, Blackberry has been offering encrypted messaging for years. But it's been offering a different sort of encryption -- one it can remove if needed.

Enterprise users hold their own encryption keys but individual nobodies have their encryption keys held by Blackberry. Blackberry would likely be held up as the "responsible encryption" poster boy by the DOJ if only it held enough marketshare to make an appreciable difference. Instead, it's of limited use to the DOJ and FBI.

But that doesn't mean Blackberry isn't willing to submit multiple height bids whenever government says jump. Over the past couple of years, it has come to light Blackberry routinely decrypts messages for inquiring governments. Apparently, there's some sort of golden key law enforcement can use to access communications -- one multiple governments seem to have access to.

There are still some unanswered questions about enterprise accounts -- the ones Blackberry doesn't hold the keys to. This poses the same problem for law enforcement that other, more popular phones do. But rather than point out the problems with the government's demands for "responsible encryption," Blackberry has irresponsibly chosen to proclaim its willingness to hack into its own customers' devices if the government asks.

[CEO John] Chen, speaking at a press Q&A during the BlackBerry Security Summit in London on Tuesday, claimed that it wasn't so simple for BlackBerry to crack its own protections. "Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption?

"Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done."

Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors.

This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with US law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. But I'm sure Chen's positive attitude will be used as leverage in talks with tech companies the DOJ clearly believes have added encryption to their devices solely as a middle finger to US law enforcement. This belief clearly isn't true, but the DOJ in particular has already show it's willing to be completely disingenuous when arguing for weakened encryption.

Finally, Blackberry may be opening up to law enforcement but it won't be sharing anything more with its remaining users.

Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. "No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world."

This seems a bit unfair. Blackberry will be offering more to the government and telling the public less. Then again, the general public is likely no more interested in a Blackberry transparency report than it is in Blackberry smartphones.

Reader Comments

Do not trust

Generally, we should not trust in large companies. It is no secret that data is and will be collected. Just because it goes public with BB does not mean it has not yet happened with other companies (metadata FB/WA for example). We as users are responsible for our privacy. In terms of messenger one should move to secure messengers such as Threema (or some other alternative). And there are so many other things we can do to protect ourselves. We cannot give in to large companies. The more people become aware the more large companies will be forced to change something in their policies. In modern world, privacy has to be top priority.